CIP Compliance Yields Security Complacency

August 2016 | by Richard Jones

As the big push behind NERC CIP v5/v6 comes to some form of “conclusion”, most U.S. utility executives are breathing a huge sigh of relief. Their efforts to make their high and medium impact facilities compliant are finally completing. However for some insiders, there is a concern that a state of compliance complacency is now manifesting in the U.S.

The expectation is that billions of dollars in compliance spend should have realized “enough” improvements in security … for now

Some larger utilities refute the need to spend any additional money on compliance motivated security improvements

As a result, the industry is moving slowly to meet the requirements for low impact facilities, systems, and assets and as a consequence may also be delaying other critical security initiatives. This will likely have undesired consequences.